Cloud Hardening
Network security in the cloud
In recent years, many organizations are using network services in the cloud.
So in addition to securing on-premises networks,
a security analyst will need to secure cloud networks.
In a previous video, you learned that a cloud network is a collection of
servers or computers that stores resources and
data in a remote data center that can be accessed via the internet.
They can host company data and applications using cloud computing to
provide on-demand storage, processing power, and data analytics.
Just like regular web servers, cloud servers also require proper maintenance
done through various security hardening procedures.
Although cloud servers are hosted by a cloud service provider,
these providers cannot prevent intrusions in the
cloud—especially intrusions from malicious actors, both internal and
external to an organization.
One distinction between cloud network hardening and
traditional network hardening is the use of a server baseline image for
all server instances stored in the cloud.
This allows you to compare data in the cloud servers to the baseline image to
make sure there haven't been any unverified changes.
An unverified change could come from an intrusion in the cloud network.
Similar to OS hardening, data and applications on a cloud network are kept
separate depending on their service category.
For example, older applications should be kept separate from newer applications,
and software that deals with internal functions should be kept separate
from front-end applications seen by users.
Even though the cloud service provider has a shared responsibility with
the organization using their services, there are still security measures that
need to be taken by the organization to make sure their cloud network is safe.
Just like traditional networks, operations in the cloud need to be secured.
You're doing great! Meet you in the next video.
Kelsey: Cloud security explained
I'm Kelsey, I'm a distinguished engineer at Google Cloud.
I work on compute platforms and security related topics.
When I was starting, the only jobs I had previous,
the only jobs I was confident were accessible to me were fast food jobs.
I wanted a career, I wanted more than just a job.
So when I zoomed out and asked myself, what were my career options?
I couldn't think of a better place in the year 1999 than going into the world
of technologies.
I mean, on the news people were lining up for the latest operating system.
All the tech people were the new rock stars.
And I remember flipping through the opening jobs or
the job openings in the classified section, and it said anyone that has one
of these certifications let us know because we're hiring.
The delta between getting started and
getting your first job into that career that I always wanted,
it was $35 away in a certification book.
So let's talk about Cloud.
So before the time of Cloud, most companies had their own data center.
Imagine it's just you alone in your house, you can put anything wherever you want.
You may choose to never lock the doors on the inside, it's just you.
And for a long time in our industry,
that's the way people ran their data centers.
Now, we just call that private Cloud, it's just you there.
But Cloud is public.
And so the analogy would be, imagine getting roommates,
now you start to think differently about your stuff.
You start to lock things up even while you're inside of the house, and
your security discipline is going to be very different.
As more and more companies move into Cloud.
You may just be the person who can help one of those organizations finally make
that leap because they have a professional on their team.
All right, so you've gotten the certification,
you've gotten the fundamental skills,
how do you make sure that you can actually use them in the Cloud?
I'm going to let you in a little secret.
Go use the Cloud.
Go take existing software, throw it in the Cloud, and
find all the tools that poke and prod at the thing you just got running and
it's going to tell you where you're weak.
Learn those tools, because those are the tools that the professionals use.
Learning is a superpower.
It gives you the ability to not only get that job that you've been looking at,
but it also gives you the ability to define the next one.